Note any interesting plain-text strings or metadata found that provided clues. 3. Methodology & Steps
If the flag was encoded, explain the decoding process (e.g., Base64, Hex-to-Decimal, or custom scripts). 4. Conclusion & Flag FA2017-002.rar
List the software employed (e.g., binwalk , Wireshark , exiftool , strings , hex editor ). 2. Initial Analysis Note any interesting plain-text strings or metadata found
Explain how you handled the .rar file. If it was password-protected, describe how you found the password (e.g., through a separate file, brute-forcing, or finding it in memory dumps). Initial Analysis Explain how you handled the
State the final result or flag found (e.g., CTF{example_flag_value} ).
Briefly mention any new techniques or tools learned during the process. Writing Standards To ensure your write-up is professional and readable: FAA Writing Standards
Detail the process of finding the hidden data. For example, if you used Autopsy to search slack space or strings/grep to find a hidden flag.